Apparatuses, systems, and methods for providing access security in a process control system

ABSTRACT

Apparatuses, systems, and methods of the present disclosure may provide access security in a process control system. For example, current biometric data representative of a user may be acquired and compared to stored biometric data representative of previously identified users. Access to the process control system may be authorized when the current biometric data matches stored biometric data.

TECHNICAL FIELD

The present disclosure generally relates to process control systemaccess security. More particularly, the present disclosure relates toprocess control system access security based on biometric data.

BACKGROUND

Checking and enforcing user authorization to access a process controlsystem typically makes up a large part of an associated securityarchitecture. In process plant operator applications, system access istypically authenticated each time a user attempts to interact with theprocess control system. In a typical implementation, the user logs intothe system and corresponding user credentials are cached and storeduntil the user logs out and another user logs in.

With electronic signature (ESIG) policies, authorization to access asystem can be more complex. For example, a login and password may needto be entered every time the user attempts access. Even more onerous,two user logins and passwords may be required. Systems like this cansuffer from several problems: 1) if a user walks away without loggingout, someone else may perform actions as this person, 2) user passwordsmay be hacked, stolen, or forgotten, thus, additional password security(complexity, frequency of change, etc.) may complicate this further, 3)entering credentials is often slow, repetitive, and painful—whenrequiring two signatures for ESIG, this is even more onerous.

Associated system log-ins often require serial entry and there is timeoverhead associated with changing entry blocks to type correspondingentries. This can lead users who are not legally required to use systemaccess authorization, to turn the secure features off to avoid hassle.

What are needed are apparatuses, methods and systems to improve knownprocess control system access security.

SUMMARY

A method for operating a process control system for a process plant mayinclude capturing, via a sensor at a user-interface, biometric data of auser authorized to interact with the process control system. The methodmay also include comparing the captured biometric data to stored data ofusers that are authorized to interact with the process control system,and determining an identity of a user based on a match between thecaptured biometric data and the stored data. The method may furtherinclude providing the user access to the process control system when theidentity of the user is determined.

In another embodiment, a system for operating a process control systemfor a process plant may include a communication network, one or moreprocessors communicatively coupled to the communication network, and anon-transitory computer-readable memory coupled to the one or moreprocessors and storing thereon instructions. The instructions, whenexecuted by the one or more processors, may cause the system to capture,via a sensor at a user-interface, biometric data of a user authorized tointeract with the process control system. The instructions, whenexecuted by the one or more processors, may cause the system to furthercompare the captured biometric data to stored data of users authorizedto interact with the process control system, and determine an identityof a user based on a match between the captured biometric data and thestored data. The instructions, when executed by the one or moreprocessors, may cause the system to also provide the user access to theprocess control system when the identity of the user is determined.

In a further embodiment, a tangible, computer-readable medium may storeinstructions that when executed by one or more processors of a processcontrol system, cause the process control system to capture, by one ormore sensors, biometric data of a user associated with a process of theprocess control system and determine, by the one or more processors, alevel of authorization of the user based on the captured biometric data.When further executed by the one or more processors of the processcontrol system, the instructions may cause the process control system toprovide the user access to the process control system when the identityof the user is determined.

In yet a further embodiment, a system for operating a process controlsystem for a process plant may include a communication network, one ormore processors communicatively coupled to the communication network;and a non-transitory computer-readable memory coupled to the one or moreprocessors and storing thereon instructions that, when executed by theone or more processors, cause the system to capture, via a sensor at auser-interface, first biometric data of a first user authorized tointeract with the process control system. Execution of the instructionsby the processor may also cause the system to compare the firstbiometric data to stored data of users authorized to interact with theprocess control system, determine an identity of the first user based ona match between the first biometric data and the stored data. Executionof the instructions may further cause the system to cause the system tocapture, via a sensor at a user-interface, second biometric data of asecond user authorized to interact with the process control system, anddetermine an arrangement of one or more limbs or a voice signature ofthe second user based on the second biometric data, and provide anoutput signal, comprising an electronic signature of the second user,based on the determined arrangement. Execution of the instructions bythe processor may further cause the system to provide the first useraccess to the process control system, based on the output signal, whenthe identity of the first user is determined.

BRIEF DESCRIPTION OF THE FIGURES

FIG. 1 depicts a block diagram of an example process control systemincluding access security;

FIG. 2 depicts an example process control system workstation includingaccess security;

FIG. 3 depicts a block diagram of an example process control systemworkstation including access security;

FIG. 4 depicts an example method of providing access security in aprocess control system; and

FIG. 5 depicts an example method of providing access security in aprocess control system.

DETAIL DESCRIPTION

Apparatuses, methods and systems of the present disclosure may employ acamera and facial and/or gesture recognition technology. For example,associated process control access security systems may be trained torecognize a person standing in front of an associated camera.

More broadly, a biometric device (e.g., a camera, a fingerprint scanner,a microphone) and an associated computer may be employed to acquire andstore previously classified biometric data. The previously classifiedbiometric data may be representative of process control system usersthat have been verified to be authorized to access an associated processcontrol system, or a portion thereof. Subsequently, when an individualattempts to perform a secured operation, the biometric device mayacquire current biometric data and an associated computing device maycompare the current biometric data to the previously classifiedbiometric data to determine if the individual is an authorized user. Foraudit purposes, the current biometric data (e.g., an image, afingerprint, a voice recording, etc.) of the individual may be saved asa record of which user accesses the process control system.

Accordingly, when a user walks away from, for example, a process controlsystem workstation and another user attempts to access the workstation,an associated process control system security apparatus mayautomatically determine that the user had changed. Thus, there may be norisk of the wrong credentials being used in association with a performedaction.

A biometric data based security verification method of the presentdisclosure may be used as a replacement of known login sessions, or aknown login session may be combined with manual credential informationforgone and replaced with biometric data based security access. In otherwords, biometric data based security access of the present disclosuremay be combined with known manual login security to provide anadditional layer of security.

Given that biometric data associated with a user may replace anassociated username/password, associated username/password rules and/orissues may be eliminated.

For process control system security that requires an electronicsignature (ESIG), gesture recognition may be employed as a form of abiometric data based security system. For example, a gesture may bedefined as a temporary static pose of a limb (e.g., an arm, a hand, afinger, etc.) of a user. Accordingly, in an ESIG system, adifferentiation may be made between a confirmer and verifier (i.e.,using DeltaV Batch terms). In particular, a gesture may be used where aconfirmer raises, for example, an arm, a hand, or a finger whenever theassociated individual wished to access a given process control system.Alternatively, with addition of a sound recording device (e.g., amicrophone), a voice print may be used to generate biometric data. Whena differentiation must be made between users, a confirmer may speak theword, for example, “confirm.”

Biometric data based security of the present disclosure may beincorporated with other security technologies for further increasedsecurity. For example, host intrusion detection (HID) badges or visualbased badges with camera image processing software (e.g., MicrosoftKinect, Microsoft Kinect application programming interface (API), etc.)may be used as an additional token of proof of identity. Alternatively,facial and/or gesture recognition may be implemented in a proprietaryfashion, or using other existing off-the-shelf technologies.

In any event, biometric data based security apparatuses, methods andsystems of the present disclosure may provide more secure login comparedto known security access, may allow more efficient login compared toknown security access, may lesson access requirements and allow for moresecure defaults, and may reduce human error and allow multiple users toshare a set of process control system computers (e.g., workstations,user interfaces, etc.). Accordingly, process control system users may beable to move between process control system access devices without riskof using wrong credentials.

Turning to FIG. 1, a process control system 10 for use in controlling,for example, an industrial process (e.g., a refinery, a drugmanufacturing process, a power plant, etc.) may include a processcontroller 12 connected to a data historian 14 and to one or more hostworkstations or computers 16 via a communications network 11. The hostworkstations or computers 16 may include a first biometric device 18(e.g., a digital camera, a fingerprint scanner, a microphone, etc.) anda second biometric device 19 (e.g., a digital camera, a fingerprintscanner, a microphone, etc.). The data historian 14 may store, forexample, previously classified biometric data. The previously classifiedbiometric data may be representative of an identity of at least oneindividual that has been authorized to access the process control system10. Biometric data based security of the present disclosure may beemployed to verify and authorize user access to any of the devicesillustrated in FIG. 1. Moreover, biometric data based security of thepresent disclosure may be employed to limit access to process controlsystem 10 configuration, monitoring and/or control to only authorizedindividuals.

The host workstations or computers 16 may be any type of personalcomputers, workstations, etc., each having a display screen 17. Thecontroller 12 may also be connected to field devices 20-27 viainput/output (I/O) cards 28 and 29. The communications network 11 maybe, for example, an Ethernet communications network or any othersuitable or desirable communications network. The data historian 14 maybe any desired type of data collection unit having any desired type ofmemory and any desired or known software, hardware or firmware forstoring data. The controller 12, which may be, by way of example, aDeltaV™ controller or ER5000 controller sold by Emerson ProcessManagement, may be communicatively connected to the field devices 20-27using any desired hardware and software associated with, for example,standard 4-20 mA devices and/or any smart communication protocol such asthe FOUNDATION® Fieldbus protocol, the HART® protocol, etc.

The field devices 20-27 may be any type of process devices, such assensors, valves, regulators, transmitters, positioners, etc. whichperform a physical function within the process and/or which measure aprocess variable. The I/O cards 28 and 29 may be any types of I/Odevices conforming to any desired communication or controller protocol.In the embodiment illustrated in FIG. 1, the field devices 20-23 may bestandard 4-20 ma devices that communicate over analog lines to the I/Ocard 28, or may be HART devices that communicate over combined analogand digital lines to the I/O card 28. The field devices 24-27 may besmart devices, such as Fieldbus field devices, that communicate over adigital bus to the I/O card 29 using Fieldbus protocol communications.Generally, the Fieldbus protocol may be an all-digital, serial, two-waycommunication protocol that provides a standardized physical interfaceto a two-wire loop or bus which interconnects field devices. TheFieldbus protocol may provide, in effect, a local area network for fielddevices within a process, which may enable the field devices to performprocess control functions using, for example, function blocks (e.g., PIDfunction blocks) defined according to the Fieldbus protocol, atlocations distributed throughout a process facility, and to communicatewith one another before and after performance of these process controlfunctions to implement an overall control strategy. Alternatively, oradditionally, the field devices 20-27 may conform to any other desiredstandards or protocols, including any wired or wireless standards orprotocols, and any protocols now existing or developed in the future.

The controller 12 may include a processor 12 a that may implement orexecutes one or more process control routines (e.g., modules), which mayinclude control loops (e.g., PID loops) or portions of control loops,stored in a computer readable memory 12 b, and may communicate with thedevices 20-27, the host computers 16 and/or the data historian 14 tocontrol a process in any desired manner.

It should be noted that any of the control routines or elementsdescribed herein may have parts thereof implemented or executed byprocessors in different controllers or other devices, such as in one ormore of the field devices 20-27 if so desired. Likewise, the controlroutines or elements described herein to be implemented within theprocess control system 10 may take any form, including software,firmware, hardware, etc. A process control element can be any part orportion of a process control system including, for example, a routine ablock or a module stored on any computer readable medium. Controlroutines, which may be modules or any part of a control procedure, suchas a subroutine, parts of a subroutine (e.g., lines of code), etc. maybe implemented in any desired software format, such as using ladderlogic, sequential function charts, function block diagrams, or any othersoftware programming language or design paradigm. Likewise, the controlroutines may be hard-coded into, for example, one or more EPROMs,EEPROMs, application specific integrated circuits (ASICs), or any otherhardware or firmware elements. Still further, the control routines maybe designed using any design tools, including graphical design tools orany other type of software/hardware/firmware programming or designtools. As a result, it will be understood that the controller 12 may beconfigured to implement a control strategy or a control routine in anydesired manner.

The controller 12 may implement a control strategy using what arecommonly referred to as function blocks, wherein each function block isa part (e.g., a subroutine) of an overall control routine, and mayoperate in conjunction with other function blocks (via communicationscalled links) to implement process control loops within the processcontrol system 10. Function blocks typically perform one of an inputfunction, such as that associated with a transmitter, a sensor or otherprocess parameter measurement device, a control function, such as thatassociated with a control routine that performs PID, fuzzy logic, etc.control, or an output function which controls the operation of somedevice, such as a valve or a regulator, to perform some physicalfunction within the process control system 10. Hybrid and other types offunction blocks exist. Function blocks may be stored in and executed bythe controller 12, which is typically the case when these functionblocks are used for, or are associated with standard 4-20 ma devices andsome types of smart field devices such as HART and Fieldbus devices.Alternatively, or additionally, the function blocks may be stored in andimplemented by the field devices themselves, which can be the case withsome types of Fieldbus devices. While the description of the controlsystem is provided herein using a function block control strategy, thecontrol strategy or control loops or modules could also be implementedor designed using other conventions, such as ladder logic, sequentialfunction charts, etc. or using any other desired programming language orparadigm.

As illustrated by the exploded block 30 of FIG. 1, the controller 12 mayinclude a number of control loops 32, 34 and 36, with the control loop36 being illustrated as including an adaptive control routine or block38. Each of the control loops 32, 34 and 36 is typically referred to asa control module. The control loops 32, 34 and 36 are illustrated asperforming single loop control using a single-input/single-output PIDcontrol block connected to appropriate analog input (AI) and analogoutput (AO) function blocks, which may be associated with processcontrol devices such as valves, with measurement devices such astemperature and pressure transmitters, or with any other device withinthe process control system 10. In the example system of FIG. 1, theadaptive control loop 36 includes the adaptive PID control block 38which operates to adaptively determine and provide tuning parameters toa typical PID routine to adapt operation of the PID control routineduring the on-line operation of the control loop 36 when controlling aprocess, e.g., when controlling the operation of a process using valvesand/or other control devices which control a physical parameter of theprocess, based on measurement signals, such as sensor signals, which areindicative of measured or sensed parameters of the process. While thecontrol loops 32, 34 and 36 are illustrated as performing PID controlhaving an input communicatively connected to one AI function block andan output communicatively connected to one AO function block, thecontrol loops 32, 34 and 36 could include more than a single input and asingle output, and the inputs and outputs of these control loops may beconnected to any other desired function blocks or control elements toreceive other types of inputs and to provide other types of outputs.Moreover, the adaptive control block 38 may implement other types ofcontrol strategies, such as PI control, PD control, neural networkcontrol, fuzzy logic control, model predictive control or any type offeed forward/feedback control technique.

It shall be understood that the function blocks illustrated in FIG. 1,such as the PID function blocks and the adaptive PID function block 38,which itself can be implemented as one or more interconnected functionblocks, can be executed by the controller 12 or, alternatively, can bepartially or entirely located in and executed by any other suitableprocessing device(s), such as one of the workstations 16, one of the I/Odevices 28 and 29, or even one of the field devices 24-27.

As illustrated in FIG. 1, one of the workstations 16 may include one ormore adaptation support routines which are used to design, control,implement and/or view the adaptive control block 38 or the control loop36. For example, the workstation 16 may include a processor 40 that maygenerate, for example, a user interface that enables a user to inputparameters to the adaptive PID control block 38, to start, stop andcontrol the functioning of the adaptive control loop 36 or the blocksthereof, to provide set points and other adjustments to the controlblock 38, etc. Still further, the workstation 16 may include a routineor a block 42 that, when executed by the processor 40, provide processcontrol system access security based on biometric data.

With reference to FIG. 2, a process control system 200 may include aworkstation 217 having a first biometric device 218 (e.g., a digitalcamera, a fingerprint scanner, a microphone, etc.) and a secondbiometric device 219 (e.g., a digital camera, a fingerprint scanner, amicrophone, etc.). The workstation 217 may be similar to, for example,either of the host workstations or computers 16 of FIG. 1.

In any event, when an individual 211 attempts to access the processcontrol system 200, current biometric data may be automatically acquiredvia the first biometric device 218 and/or the second biometric device219. For example, current biometric data 215 may be representative of atleast a portion 213 (e.g., a face, an arm, a hand, a finger, a voicesignature, a gesture) of the individual 211. The workstation 217 mayautomatically compare the current biometric data 215 to previouslyclassified biometric data (e.g., previously classified biometric datastored in the data historian 14 of FIG. 1). If the workstation 217determines that the current biometric data 215 matches previouslyclassified biometric data stored in the data historian 14, theworkstation 217 may automatically authorize the individual 211 access tothe process control system 200. On the other hand, if the workstation217 determines that the current biometric data 215 does not matchpreviously classified biometric data stored in the data historian 14,the workstation 217 may automatically deny the individual 211 access tothe process control system 200. In either event, the workstation 217 maystore the current biometric data 215 (along with a day/time stamp) as arecord of the authorization or denial.

Turning to FIG. 3, a process control system 300 may include aworkstation 305. The workstation 305 may be similar to any one of theworkstations or computers 16 of FIG. 1 or the workstation 217 of FIG. 2.The workstation 305 may include a previously identified biometric datareceiving module 315, a current biometric data receiving module 320, abiometric data comparison module 325, a previously identified electronicsignature (ESIG) data receiving module 330, a current ESIG datareceiving module 335, an ESIG data comparison module 340, a processcontrol system access “level” determination module 345, an electronicsignature data receiving module 350, and a user identity data storagemodule 355 stored on a non-transitory computer-readable medium 310 inthe form of, for example, computer-readable instructions. The modules315-355 may be similar to, for example, the routine 42 of FIG. 1.

While the previously identified biometric data receiving module 315, thecurrent biometric data receiving module 320, the biometric datacomparison module 325, the previously identified electronic signature(ESIG) data receiving module 330, the current ESIG data receiving module335, the ESIG data comparison module 340, the process control systemaccess “level” determination module 345, the electronic signature datareceiving module 350, and the user identity data storage module 355 maybe stored on the non-transitory computer-readable medium 310 in the formof computer-readable instructions, any one of, all of, or anysub-combination of the previously identified biometric data receivingmodule 315, the current biometric data receiving module 320, thebiometric data comparison module 325, the previously identifiedelectronic signature (ESIG) data receiving module 330, the current ESIGdata receiving module 335, the ESIG data comparison module 340, theprocess control system access “level” determination module 345, theelectronic signature data receiving module 350, and the user identitydata storage module 355 may be implemented by hardware (e.g., one ormore discrete component circuits, one or more application specificintegrated circuits (ASICs), etc.), firmware (e.g., one or moreprogrammable application specific integrated circuits (ASICs), one ormore programmable logic devices (PLDs), one or more field programmablelogic devices (FPLD), one or more field programmable gate arrays(FPGAs), etc.), and/or any combination of hardware, software and/orfirmware. Furthermore, the workstation 305 of FIG. 3 may include one ormore elements, processes and/or devices in addition to, or instead of,those illustrated in FIG. 3, and/or may include more than one of, any,or all of the illustrated elements, processes and devices.

With reference to FIG. 4, a method of providing access security in aprocess control system 400 may be implemented by a processor (e.g., aprocessor 40 of the workstation or computer 16 of FIG. 1) executing, forexample, at least a portion of the modules 315-355 of FIG. 3. Inparticular, the processor 40 may execute a previously identifiedbiometric data receiving module 315 to cause the processor 40 to receivepreviously identified biometric data (block 415). The previouslyidentified biometric data may be representative of, for example, anidentity of at least one individual that is authorized to access aprocess control system. The previously identified biometric data may be,for example, image data, voice recording data, fingerprint data, gesturedata, etc. The processor 40 may receive the previously identifiedbiometric data from, for example, data historian (e.g., data historian14 of FIG. 1).

The processor 40 may execute a current biometric data receiving module320 to cause the processor 40 to receive current biometric data (block420). The current biometric data may be representative of, for example,an identity of at least one individual that is attempting to access aprocess control system. The current biometric data may be, for example,image data, voice recording data, fingerprint data, gesture data, etc.The processor 40 may receive the current biometric data from, forexample, a digital camera, a microphone, a fingerprint scanner, etc.

The processor 40 may execute a biometric data comparison module 325 tocause the processor 40 to compare the current biometric data with thepreviously identified biometric data (block 425). For example, theprocessor 40 may determine whether the current biometric data matchesthe previously identified biometric data (block 430).

When the processor 40 determines that the current biometric data doesnot match the previously identified biometric data (block 430), theprocessor 40 may deny the individual access to the process controlsystem, and may once again receive current biometric data (block 420).When the processor 40 determines that the current biometric data matchesthe previously identified biometric data (block 430), the processor 40may allow the individual access to the process control system, mayexecute a process control system access “level” determination module 345to determine an access “level” for the individual based upon, forexample, a role of the individual with respect to an associated processplant (e.g., a supervisor, a manager, an engineer, a plant operator, amaintenance personnel, etc.) (block 435), and may execute a useridentity data storage module 355 to cause the processor 40 to store arecord that is representative of the individual that is attemptingaccess and/or an associated day/time stamp (block 440). For auditpurposes, the current biometric data (e.g., an image, a fingerprint, avoice recording, etc.) of the individual may be saved as a record (or“proof”) of, for example, which user accesses the process controlsystem.

As described above, the method 400 may comprise a program (or module)for execution by a processor. The program (or module) may be embodied insoftware stored on a tangible (or non-transitory) computer readablestorage medium such as a compact disc read-only memory (“CD-ROM”), afloppy disk, a hard drive, a DVD, Blu-ray disk, or a memory associatedwith the personal-identification entry device (PED) processor. Theentire program (or module) and/or parts thereof could alternatively beexecuted by a device other than the PED processor and/or embodied infirmware or dedicated hardware (e.g., one or more discrete componentcircuits, one or more application specific integrated circuits (ASICs),etc.). Further, although the example program (or module) is describedwith reference to the flowchart illustrated in FIG. 4, many othermethods of implementing the method 400 may alternatively be used. Forexample, the order of execution of the blocks may be changed, and/orsome of the blocks described may be changed, eliminated, or combined.

Turning to FIG. 5, a method of providing access security in a processcontrol system 500 may be implemented by a processor (e.g., a processor40 of the workstation or computer 16 of FIG. 1) executing, for example,at least a portion of the modules 315-355 of FIG. 3. For process controlsystem security that requires an electronic signature (ESIG), gesturerecognition may be employed in accordance with the method 500 as a formof a biometric data based security system. A gesture may be defined, forexample, as a temporary static pose of a limb (e.g., an arm, a hand, afinger, etc.) of a first user (e.g., a verifier) and/or a second user(e.g., a confirmer). Accordingly, in an ESIG system, a differentiationmay be made between a confirmer and verifier (i.e., using DeltaV Batchterms). In particular, a gesture may be used where a verifier and/or aconfirmer may raise, for example, an arm, a hand, or a finger wheneverthe associated individual wished to access a given process controlsystem. In any event, electronic signatures may be implemented to meetregulatory compliance efforts (e.g., FDA 21 CFR Part 11, OSHA, ISO 9000,etc.).

Alternatively, or additionally, with addition of a sound recordingdevice (e.g., a microphone), a voice print may be used to generatebiometric data. Accordingly, when a differentiation is desired betweenusers, a verifier may speak a first word (e.g., verify or verifier) anda confirmer may speak a second word (e.g., confirm or confirmer). Theprocessor 40 may implement voice recognition to identify a first user(e.g., confirmer) and/or a second user (e.g., a verifier). Method 500may incorporate, for example, action confirm/verify via electronicsignatures from a batch operator interface and campaign manager. Any andall actions undertaken may be set up to require a first user name andpassword (e.g., a confirmer user name and password) to execute, andsecond user name and password (e.g., a verifier user name and password).

More particularly, the processor 40 may execute a previously identifiedbiometric data receiving module 315 to cause the processor 40 to receivepreviously identified biometric data (block 515). The previouslyidentified biometric data may be representative of, for example, anidentity of at least one individual that is authorized to access aprocess control system. The previously identified biometric data may be,for example, image data, voice recording data, fingerprint data, gesturedata, etc. The processor 40 may receive the previously identifiedbiometric data from, for example, data historian (e.g., data historian14 of FIG. 1).

The processor 40 may execute a current biometric data receiving module320 to cause the processor 40 to receive current biometric data (block520). The current biometric data may be representative of, for example,an identity of at least one individual that is attempting to access aprocess control system. The current biometric data may be, for example,image data, voice recording data, fingerprint data, gesture data, etc.The processor 40 may receive the current biometric data from, forexample, a digital camera, a microphone, a fingerprint scanner, etc.

The processor 40 may execute a biometric data comparison module 325 tocause the processor 40 to compare the current biometric data with thepreviously identified biometric data (block 525). For example, theprocessor 40 may determine whether the current biometric data matchesthe previously identified biometric data (block 530).

When the processor 40 determines that the current biometric data doesnot match the previously identified biometric data (block 530), theprocessor 40 may deny the individual access to the process controlsystem, and may once again receive current biometric data (block 520).When the processor 40 determines that the current biometric data matchesthe previously identified biometric data (block 530), the processor 40may execute a previously identified electronic signature (ESIG) datareceiving module 330, to cause the processor 40 to receive previouslyidentified ESIG data (block 535). For example, the processor 40 mayreceive previously identified ESIG data from a data historian (e.g.,data historian 14 of FIG. 1). The previously identified ESIG data may berepresentative of, for example, an identity of at least one individualthat has authorization to access the process control system. Thepreviously identified ESIG data may be representative of a gesture(e.g., an arm gesture, a hand gesture, a finger gesture, etc.) that hasbeen previously associated with an individual that is authorized toaccess the process control system. The processor 40 may execute acurrent ESIG data receiving module 335, to cause the processor 40 toreceive current ESIG data (block 540). The processor 40 may execute anESIG data comparison module 340 to cause the processor 40 to compare thecurrent ESIG data with the previously identified ESIG data (block 545).For example, the processor 40 may determine whether the current ESIGdata matches the previously identified ESIG data (block 550).

When the processor 40 determines that the current ESIG data does notmatch the previously identified ESIG data (block 550), the processor 40may deny the individual access to the process control system, and mayreceive current biometric data (block 520). When the processor 40determines that the current ESIG data matches the previously identifiedESIG data (block 550), the processor 40 may allow the individual accessto the process control system, may execute a process control systemaccess “level” determination module 345 to determine an access “level”for the individual based upon, for example, a role of the individualwith respect to an associated process plant (e.g., a supervisor, amanager, an engineer, a plant operator, a maintenance personnel, etc.)(block 555), and may execute a user identity data storage module 355 tocause the processor 40 to store a record that is representative of theindividual that is attempting access and/or an associated day/time stamp(block 560). For audit purposes, the current biometric data (e.g., animage, a fingerprint, a voice recording, etc.) of the individual may besaved as a record (or “proof”) of, for example, which user accesses theprocess control system.

As described above, the method 500 may comprise a program (or module)for execution by a processor. The program (or module) may be embodied insoftware stored on a tangible (or non-transitory) computer readablestorage medium such as a compact disc read-only memory (“CD-ROM”), afloppy disk, a hard drive, a DVD, Blu-ray disk, or a memory associatedwith the PED processor. The entire program (or module) and/or partsthereof could alternatively be executed by a device other than the PEDprocessor and/or embodied in firmware or dedicated hardware (e.g., oneor more discrete component circuits, one or more application specificintegrated circuits (ASICs), etc.). Further, although the exampleprogram (or module) is described with reference to the flowchartillustrated in FIG. 5, many other methods of implementing the method 500may alternatively be used. For example, the order of execution of theblocks may be changed, and/or some of the blocks described may bechanged, eliminated, or combined.

As mentioned above, the example processes of FIGS. 4 and 5 may beimplemented using coded instructions (e.g., computer-readableinstructions) stored on a tangible (e.g., a non-transitory)computer-readable medium such as a hard disk drive, a flash memory, aread-only memory (ROM), a compact disk (CD), a digital versatile disk(DVD), a cache, a random-access memory (RAM) and/or any other storagemedia in which information is stored for any duration (e.g., forextended time periods, permanently, brief instances, for temporarilybuffering, and/or for caching of the information). As used herein, theterm tangible computer-readable medium is expressly defined to includeany type of computer-readable storage and to exclude propagatingsignals. Additionally or alternatively, the example processes of FIGS. 4and 5 may be implemented using coded instructions (e.g.,computer-readable instructions) stored on a non-transitory computerreadable medium such as a hard disk drive, a flash memory, a read-onlymemory, a compact disk, a digital versatile disk, a cache, arandom-access memory and/or any other storage media in which informationis stored for any duration (e.g., for extended time periods,permanently, brief instances, for temporarily buffering, and/or forcaching of the information). As used herein, when the phrase “at least”is used as the transition term in a preamble of a claim, it isopen-ended in the same manner as the term “comprising” is open ended.Thus, a claim using “at least” as the transition term in its preamblemay include elements in addition to those expressly recited in theclaim.

The following aspects of the disclosure are exemplary only and notintended to limit the scope of the disclosure.

1. A method for operating a process control system for a process plant,the method comprising: capturing, via a sensor at a user-interface,biometric data of a user authorized to interact with the process controlsystem; comparing the captured biometric data to stored data of usersthat are authorized to interact with the process control system;determining an identity of a user based on a match between the capturedbiometric data and the stored data; and providing the user access to theprocess control system when the identity of the user is determined.

2. The method of aspect 1, wherein the captured biometric data comprisesan image including at least a portion of the face of the user, whereincomparing the captured biometric data to stored data comprises:determining one or more facial characteristics of the image; andcomparing the one or more facial characteristics to stored data of usersauthorized to interact with the process control system.

3. The method of aspect 1 or aspect 2, wherein the captured biometricdata comprises a voice recording, wherein comparing the capturedbiometric data to stored data comprises: determining one or more soundcharacteristics of the voice recording; and comparing the one or morecharacteristics of the voice recording to stored data of usersauthorized to interact with the process control system.

4. The method of aspect 3, wherein determining the one or more soundcharacteristics of the voice recording comprises analyzing one or moreof a tone, a pitch, a cadence, or a frequency associated with the voicerecording.

5. The method of any one of aspects 1 to 4, wherein allowing access tothe process control system includes an input to the user-interface thatis a request for an electronic signature, the method further comprising:capturing, via the sensor at the user-interface, an image of the user;determining an arrangement of one or more limbs of the user based on thecaptured image; and based on the determined arrangement, providing anoutput signal comprising an electronic signature of the user.

6. The method of any one of aspects 1 to 5, the method furthercomprising: determining a level of authorization based on the identityof the user; and based on the determined level of authorization,toggling one or more elements of the user-interface.

7. The method of any one of aspects 1 to 6, wherein allowing access tothe process control system includes selectively facilitating one or morechanges in response to a user input, comprising: enabling one or morecomponents of the user-interface.

8. The method of any one of aspects 1 to 7, wherein allowing access tothe process control system includes selectively facilitating one or morechanges in response to a user input, comprising: adjusting a setpoint ofthe process control system.

9. The method of any one of aspects 1 to 8, wherein allowing access tothe process control system includes selectively facilitating one or morechanges in response to a user input, comprising: configuring a module ofthe process control system.

10. The method of any one of aspects 1 to 9, wherein allowing access tothe process control system includes selectively facilitating one or morechanges in response to a user input, comprising: providing an outputsignal comprising the determined identity of the user.

11. A system for operating a process control system for a process plant,the system comprising: a communication network; one or more processorscommunicatively coupled to the communication network; and anon-transitory computer-readable memory coupled to the one or moreprocessors and storing thereon instructions that, when executed by theone or more processors, cause the system to: capture, via a sensor at auser-interface, biometric data of a user authorized to interact with theprocess control system; compare the captured biometric data to storeddata of users authorized to interact with the process control system;determine an identity of a user based on a match between the capturedbiometric data and the stored data; and provide the user access to theprocess control system when the identity of the user is determined.

12. The system of aspect 11, wherein the captured biometric datacomprises an image including at least a portion of the face of the user,wherein the instructions that, when executed by the one or moreprocessors, cause the system to compare the captured the biometric datato stored data comprises: determine one or more facial characteristicsof the captured biometric data; and compare the one or morecharacteristics to stored data of authorized users associated with theprocess.

13. The system of either aspect 11 or aspect 12, wherein theinstructions, when executed by the one or more processors, toselectively facilitate the one or more steps further cause the systemto: determine an arrangement of one or more limbs of the user based onthe captured biometric data; and based on the determined arrangement,provide an output signal comprising an electronic signature of the user.

14. The system of any one of aspects 11 to 13, wherein the instructionsthat, when executed by the one or more processors, further cause thesystem to: capture, via the sensor at the user-interface, a motionassociated with the user to; and based on the captured motion, providean output signal in response to the captured motion.

15. The system of aspect 14, wherein the output signal includes aninstruction to log off the user from the user-interface.

16. The system of any one of aspects 11 to 15, wherein the instructions,when executed by the one or more processors, to selectively facilitatethe one or more steps further cause the system to enable the user toaccess the process control system via a user interface.

17. The system of any one of aspects 11 to 16, wherein the instructions,when executed by the one or more processors, further cause the system toactivate a user profile based on the determined identity of the user.

18. The system of any one of aspects 11 to 17, wherein the instructions,when executed by the one or more processors, selectively facilitate oneor more steps that correspond to a user input and cause the system toadjust a setpoint of the process control system.

19. The system of any one of aspects 11 to 18, wherein the instructions,when executed by the one or more processors, selectively facilitate oneor more steps that correspond to a user input and cause the system to:configure a module of the process control system.

20. A tangible, computer-readable medium storing instructions that whenexecuted by one or more processors of a process control system, causethe process control system to: capture, by one or more sensors,biometric data of a user associated with a process of the processcontrol system; determine, by the one or more processors, a level ofauthorization of the user based on the captured biometric data; andprovide the user access to the process control system when the identityof the user is determined.

21. The tangible computer-readable medium of aspect 20, further storinginstructions that when executed by one or more processors of a processcontrol system, cause the process control system to: receive, by the oneor more processors, an input that corresponds to the process from theuser; and based on the determined level of authorization, selectivelyfacilitate, by the one or more processors, one or more stepscorresponding to the input.

22. The tangible computer-readable medium of aspect 21, wherein theinput that corresponds to the process is a request for an electronicsignature, wherein the instructions, when executed by the one or moreprocessors, to selectively facilitate the one or more steps furthercause the process control system to: determine, by the one or moreprocessors, an arrangement of one or more limbs of the user based on thecaptured biometric data; and based on the determined arrangement,provide an output signal comprising an electronic signature of the user.

23. The tangible computer-readable medium of either aspect 21 or aspect22, wherein the instructions, when executed by the one or moreprocessors, to selectively facilitate the one or more steps thatcorrespond to the input further cause the process control system to:enable the user to access the process control system via a userinterface.

24. The tangible computer-readable medium of any one of aspects 21 to23, wherein the instructions, when executed by the one or moreprocessors, to selectively facilitate the one or more steps thatcorrespond to the input further cause the process control system to:adjust a setpoint of the process control system.

25. The tangible computer-readable medium of any one of aspects 21 to24, wherein the instructions, when executed by the one or moreprocessors, to selectively facilitate the one or more steps thatcorrespond to the input further cause the process control system to:configure a module of the process control system.

26. A system for operating a process control system for a process plant,the system comprising: a communication network; one or more processorscommunicatively coupled to the communication network; and anon-transitory computer-readable memory coupled to the one or moreprocessors and storing thereon instructions that, when executed by theone or more processors, cause the system to: capture, via a sensor at auser-interface, first biometric data of a user authorized to interactwith the process control system; compare the first biometric data tostored data of users authorized to interact with the process controlsystem; determine an identity of a first user based on a match betweenthe first biometric data and the stored data; capture, via a sensor at auser-interface, second biometric data of a second user authorized tointeract with the process control system; determine an arrangement ofone or more limbs or a voice signature of the second user based on thecaptured biometric data; provide an output signal, comprising anelectronic signature of the second user, based on the determinedarrangement; and provide the first user access to the process controlsystem, based on the output signal, when the identity of the first useris determined.

27. The system of aspect 26, wherein the first biometric data comprisesan image including at least a portion of the face of the first user,wherein the first user is a confirmer, and wherein the instructions,when executed by the one or more processors, cause the system to comparethe first the biometric data to stored data comprises: determine one ormore facial characteristics of the first biometric data; and compare theone or more characteristics to stored data of authorized usersassociated with the process.

28. The system of either aspect 26 or aspect 27, wherein theinstructions that, when executed by the one or more processors, furthercause the system to: capture, via the sensor at the user-interface, amotion associated with the second user to; and based on the capturedmotion, provide the output signal in response to the captured motion,wherein the second user is a verifier.

29. The system of any one of aspects 26 to 28, wherein the output signalincludes an instruction to log off the first user from theuser-interface.

30. The system of any one of aspects 26 to 29, wherein the instructions,when executed by the one or more processors, cause the system toselectively facilitate the one or more steps, and further cause thesystem to enable the first user to access the process control system viaa user interface.

31. The system of any one of aspects 26 to 30, wherein the instructions,when executed by the one or more processors, further cause the system toactivate a user profile based on the determined identity of the firstuser.

32. The system of any one of aspects 26 to 31, wherein the instructions,when executed by the one or more processors, cause the system toselectively facilitate one or more steps that correspond to a user inputand cause the system to adjust a setpoint of the process control system.

33. The system of any one of aspects 26 to 32, wherein the instructions,when executed by the one or more processors, cause the system toselectively facilitate one or more steps that correspond to a user inputand cause the system to: configure a module of the process controlsystem.

While various functions and/or systems of field devices have beendescribed herein as “modules,” “components,” or “function blocks,” it isnoted that these terms are not limited to single, integrated units.Moreover, while the present invention has been described with referenceto specific examples, those examples are intended to be illustrativeonly, and are not intended to limit the invention. It will be apparentto those of ordinary skill in the art that changes, additions ordeletions may be made to the disclosed embodiments without departingfrom the spirit and scope of the invention. For example, one or moreportions of methods described above may be performed in a differentorder (or concurrently) and still achieve desirable results.

What is claimed is:
 1. A method for operating a process control systemfor an industrial process plant, the method comprising: capturing, via asensor at a user-interface, biometric data of a user authorized tointeract with the process control system; comparing the capturedbiometric data to stored data of users that are authorized to interactwith the process control system; determining an identity of a user basedon a match between the captured biometric data and the stored data;providing the user access to the process control system, via at leastone of a batch operator interface or a campaign manager, when theidentity of the user is determined, wherein access to the processcontrol system includes enabling the user to perform at least onesecured operation selected from the group of: configuration of a fielddevice within the process control system, monitoring of a field devicewithin the process control system, or control of a field device withinthe process control system, wherein the field device is at least one of:a sensor, a valve, a regulator, a transmitter, or a positioner, andwherein the field device measures a process variable within the processplant and/or performs a physical function within the process plant basedon a measured process variable within the process plant; saving thecaptured biometric data and an indication of the action performed alongwith a day and time stamp in response to providing the user access tothe process control system, wherein the saved captured biometric data,the indication of the action performed, and the day and time stampprovide a record of which user accesses the process control system,which action was performed, and a day and time when the user accessesthe process control system; capturing, via the sensor at theuser-interface, current biometric data of a changed user; comparing thecurrent biometric data to the captured biometric data; determining achange in user based on a difference between the current biometric dataand the captured biometric data; and preventing the changed user fromperforming a secured operation within the process control system.
 2. Themethod of claim 1, wherein the captured biometric data comprises animage including at least a portion of the face of the user, whereincomparing the captured biometric data to stored data comprises:determining one or more facial characteristics of the image; andcomparing the one or more facial characteristics to stored data of usersauthorized to interact with the process control system.
 3. The method ofclaim 1, wherein the captured biometric data comprises a voicerecording, wherein comparing the captured biometric data to stored datacomprises: determining one or more sound characteristics of the voicerecording; and comparing the one or more characteristics of the voicerecording to stored data of users authorized to interact with theprocess control system.
 4. The method of claim 1, further comprising:denying the user access to the process control system when the capturedbiometric data is determined to not match the stored data; and savingthe captured biometric data along with a day and time stamp in responseto denying the user access to the process control system, wherein thesaved captured biometric data and the day and time stamp provide arecord of which user is denied access to the process control system anda day and time when the user is denied access to the process controlsystem.
 5. The method of claim 1, wherein allowing access to the processcontrol system includes an input to the user-interface that is a requestfor an electronic signature, the method further comprising: capturing,via the sensor at the user-interface, an image of the user; determiningan arrangement of one or more limbs of the user based on the capturedimage; and based on the determined arrangement, providing an outputsignal comprising an electronic signature of the user.
 6. The method ofclaim 1, the method further comprising: determining a level ofauthorization based on the identity of the user; and based on thedetermined level of authorization, toggling one or more elements of theuser-interface and save a record of the level of authorization of theuser.
 7. The method of claim 1, wherein allowing access to the processcontrol system includes selectively facilitating one or more changes inresponse to a user input, comprising: enabling one or more components ofthe user-interface.
 8. The method of claim 1, wherein allowing access tothe process control system includes selectively facilitating one or morechanges in response to a user input, comprising: adjusting a setpoint ofthe process control system.
 9. The method of claim 1, wherein allowingaccess to the process control system includes selectively facilitatingone or more changes in response to a user input, comprising: configuringa module of the process control system.
 10. The method of claim 1,wherein allowing access to the process control system includesselectively facilitating one or more changes in response to a userinput, comprising: providing an output signal comprising the determinedidentity of the user.
 11. A system for operating a process controlsystem for an industrial process plant, the system comprising: acommunication network; one or more processors communicatively coupled tothe communication network; and a non-transitory computer-readable memorycoupled to the one or more processors and storing thereon instructionsthat, when executed by the one or more processors, cause the system to:capture, via a sensor at a user-interface, biometric data of a userauthorized to interact with the process control system; compare thecaptured biometric data to stored data of users authorized to interactwith the process control system; determine an identity of a user basedon a match between the captured biometric data and the stored data;provide the user access to the process control system, via at least oneof a batch operator interface or a campaign manager, when the identityof the user is determined, wherein access to the process control systemincludes enabling the user to perform at least one secured operationselected from the group of: configuration of a field device within theprocess control system, monitoring of a field device within the processcontrol system, or control of a field device within the process controlsystem, wherein the field device is at least one of: a sensor, a valve,a regulator, a transmitter, or a positioner, and wherein the fielddevice measures a process variable within the process plant and/orperforms a physical function within the process plant based on ameasured process variable within the process plant; save the capturedbiometric data and an indication of the action performed along with aday and time stamp in response to providing the user access to theprocess control system, wherein the saved captured biometric data, theindication of the action performed, and the day and time stamp provide arecord of which user accesses the process control system, which actionwas performed, and a day and time when the user accesses the processcontrol system; capture, via the sensor at the user-interface, currentbiometric data of a changed user; compare the current biometric data tothe captured biometric data; determine a change in user based on adifference between the current biometric data and the captured biometricdata; and prevent the changed user from performing a secured operationwithin the process control system.
 12. The system of claim 11, whereinthe captured biometric data comprises an image including at least aportion of the face of the user, wherein the instructions that, whenexecuted by the one or more processors, cause the system to compare thecaptured the biometric data to stored data comprises: determine one ormore facial characteristics of the captured biometric data; and comparethe one or more characteristics to stored data of authorized usersassociated with the process.
 13. The system of claim 11, wherein theinstructions, when executed by the one or more processors, toselectively facilitate the one or more steps further cause the systemto: determine an arrangement of one or more limbs of the user based onthe captured biometric data; and based on the determined arrangement,provide an output signal comprising an electronic signature of the user.14. The system of claim 11, wherein the instructions that, when executedby the one or more processors, further cause the system to: capture, viathe sensor at the user-interface, a motion associated with the user to;and based on the captured motion, provide an output signal in responseto the captured motion.
 15. The system of claim 14, wherein the outputsignal includes an instruction to log off the user from theuser-interface.
 16. The system of claim 11, wherein the instructions,when executed by the one or more processors, to selectively facilitatethe one or more steps further cause the system to enable the user toaccess the process control system via a user interface.
 17. The systemof claim 11, wherein the instructions, when executed by the one or moreprocessors, further cause the system to activate a user profile based onthe determined identity of the user.
 18. The system of claim 11, whereinthe instructions, when executed by the one or more processors,selectively facilitate one or more steps that correspond to a user inputand cause the system to adjust a setpoint of the process control system.19. The system of claim 11, wherein the instructions, when executed bythe one or more processors, selectively facilitate one or more stepsthat correspond to a user input and cause the system to: configure amodule of the process control system.
 20. A tangible, computer-readablemedium storing instructions that when executed by one or more processorsof a process control system, cause the process control system to:capture, by one or more sensors, biometric data of a user associatedwith a process of the process control system; determine, by the one ormore processors, a level of authorization of the user based on thecaptured biometric data; provide the user access to the process controlsystem, via at least one of a batch operator interface or a campaignmanager, when the identity of the user is determined, where access tothe process control system includes enabling the user to perform atleast one secured operation selected from the group of: configuration ofa field device within the process control system, monitoring of a fielddevice within the process control system, or control of a field devicewithin the process control system, wherein the field device is at leastone of: a sensor, a valve, a regulator, a transmitter, or a positioner,and wherein the field device measures a process variable within theprocess plant and/or performs a physical function within the processplant based on a measured process variable within the process plant;save an indication of the action performed, the level of authorizationof the user and the captured biometric data along with a day and timestamp in response to providing the user access to the process controlsystem, wherein the saved captured biometric data, the indication of theaction performed, and the day and time stamp provide a record of whichuser accesses the process control system, which action was performed,and a day and time when the user accesses the process control system;capture, via the sensor at the user-interface, current biometric data ofa changed user; compare the current biometric data to the capturedbiometric data; and determine a change in user based on a differencebetween the current biometric data and the captured biometric data; andprevent the changed user from performing a secured operation within theprocess control system.
 21. The tangible computer-readable medium ofclaim 20, further storing instructions that when executed by one or moreprocessors of a process control system, cause the process control systemto: receive, by the one or more processors, an input that corresponds tothe process from the user; and based on the determined level ofauthorization, selectively facilitate, by the one or more processors,one or more steps corresponding to the input.
 22. The tangiblecomputer-readable medium of claim 21, wherein the input that correspondsto the process is a request for an electronic signature, wherein theinstructions, when executed by the one or more processors, toselectively facilitate the one or more steps further cause the processcontrol system to: determine, by the one or more processors, anarrangement of one or more limbs of the user based on the capturedbiometric data; and based on the determined arrangement, provide anoutput signal comprising an electronic signature of the user.
 23. Thetangible computer-readable medium of claim 21, wherein the instructions,when executed by the one or more processors, to selectively facilitatethe one or more steps that correspond to the input further cause theprocess control system to: enable the user to access the process controlsystem via a user interface.
 24. The tangible computer-readable mediumof claim 21, wherein the instructions, when executed by the one or moreprocessors, to selectively facilitate the one or more steps thatcorrespond to the input further cause the process control system to:adjust a setpoint of the process control system.
 25. The tangiblecomputer-readable medium of claim 21, wherein the instructions, whenexecuted by the one or more processors, to selectively facilitate theone or more steps that correspond to the input further cause the processcontrol system to: configure a module of the process control system. 26.A system for operating a process control system for an industrialprocess plant, the system comprising: a communication network; one ormore processors communicatively coupled to the communication network;and a non-transitory computer-readable memory coupled to the one or moreprocessors and storing thereon instructions that, when executed by theone or more processors, cause the system to: capture, via a sensor at auser-interface, first biometric data of a user authorized to interactwith the process control system; compare the first biometric data tostored data of users authorized to interact with the process controlsystem; determine an identity of a first user based on a match betweenthe first biometric data and the stored data; capture, via a sensor at auser-interface, second biometric data of a second user authorized tointeract with the process control system; determine an arrangement ofone or more limbs or a voice signature of the second user based on thecaptured biometric data; provide an output signal, comprising anelectronic signature of the second user, based on the determinedarrangement; provide the first user access to the process controlsystem, via at least one of a batch operator interface or a campaignmanager and based on the output signal, when the identity of the firstuser is determined, where access to the process control system includesenabling the first user to perform at least one secured operationselected from the group of: configuration of a field device within theprocess control system, monitoring of a field device within the processcontrol system, or control of a field device within the process controlsystem, wherein the field device is at least one of: a sensor, a valve,a regulator, a transmitter, or a positioner, and wherein the fielddevice measures a process variable within the process plant and/orperforms a physical function within the process plant based on ameasured process variable within the process plant; save at least oneof: the first biometric data or the second biometric data and anindication of the action performed, along with a day and time stamp, inresponse to providing the first user access to the process controlsystem, wherein the saved first biometric data or the saved secondbiometric data, the indication of the action performed, and the day andtime stamp, provide a record of which user accesses the process controlsystem, which action was performed, and a day and time when the useraccesses the process control system; capture, via the sensor at theuser-interface, current biometric data of a changed user; compare thecurrent biometric data to the captured biometric data; and determine achange in user based on a difference between the current biometric dataand the captured biometric data; and prevent the changed user fromperforming a secured operation within the process control system. 27.The system of claim 26, wherein the first biometric data comprises animage including at least a portion of the face of the first user,wherein the first user is a confirmer, and wherein the instructions,when executed by the one or more processors, cause the system to comparethe first the biometric data to stored data comprises: determine one ormore facial characteristics of the first biometric data; and compare theone or more characteristics to stored data of authorized usersassociated with the process.
 28. The system of claim 26, wherein theinstructions that, when executed by the one or more processors, furthercause the system to: capture, via the sensor at the user-interface, amotion associated with the second user to; and based on the capturedmotion, provide the output signal in response to the captured motion,wherein the second user is a verifier.
 29. The system of claim 26,wherein the output signal includes an instruction to log off the firstuser from the user-interface.
 30. The system of claim 26, wherein theinstructions, when executed by the one or more processors, cause thesystem to selectively facilitate the one or more steps, and furthercause the system to enable the first user to access the process controlsystem via a user interface.
 31. The system of claim 26, wherein theinstructions, when executed by the one or more processors, further causethe system to activate a user profile based on the determined identityof the first user.
 32. The system of claim 26, wherein the instructions,when executed by the one or more processors, cause the system toselectively facilitate one or more steps that correspond to a user inputand cause the system to adjust a setpoint of the process control system.33. The system of claim 26, wherein the instructions, when executed bythe one or more processors, cause the system to selectively facilitateone or more steps that correspond to a user input and cause the systemto: configure a module of the process control system.